06-10-2010 12:13 AM - edited 03-11-2019 10:57 AM
Hi Guys,
I know this can be done on other firewalls which support source based routing, but I was wondering if its possible on an ASA to have two active ISP connections? So for example if I wanted to force Network A's Internet traffic(which could be any public IP) to go out one ISP and force Network B's Internet traffic to go out another?
Could contexts be used to do this maybe?
cheers.
Solved! Go to Solution.
06-10-2010 02:57 AM
marcosgeorgopoulos wrote:
Hi Guys,
I know this can be done on other firewalls which support source based routing, but I was wondering if its possible on an ASA to have two active ISP connections? So for example if I wanted to force Network A's Internet traffic(which could be any public IP) to go out one ISP and force Network B's Internet traffic to go out another?
Could contexts be used to do this maybe?
cheers.
Marcos
Contexts would pretty much be the only way to achieve what you want assuming you have spare interfaces on the ASA for the context ie. do you have an inside interface for network A, one for network B and 2 interfaces for the outside connected to each ISP ? You could always use subinterfaces if you don't have spare physical interfaces.
Then with each context has it's own default-route ie. the relevant ISP.
Jon
06-10-2010 02:57 AM
marcosgeorgopoulos wrote:
Hi Guys,
I know this can be done on other firewalls which support source based routing, but I was wondering if its possible on an ASA to have two active ISP connections? So for example if I wanted to force Network A's Internet traffic(which could be any public IP) to go out one ISP and force Network B's Internet traffic to go out another?
Could contexts be used to do this maybe?
cheers.
Marcos
Contexts would pretty much be the only way to achieve what you want assuming you have spare interfaces on the ASA for the context ie. do you have an inside interface for network A, one for network B and 2 interfaces for the outside connected to each ISP ? You could always use subinterfaces if you don't have spare physical interfaces.
Then with each context has it's own default-route ie. the relevant ISP.
Jon
06-10-2010 03:04 AM
Thanks John,
Yeah I had a hunch that would be the only way to go... Unfortunately the use of contexts would eliminate my ability to use the ASA VPN functionality.
ok, back to the drawing board.
Thanks again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide